Home page logo

nanog logo nanog mailing list archives

Re: VoIP over IPsec
From: Iljitsch van Beijnum <iljitsch () muada com>
Date: Tue, 18 Feb 2003 22:19:43 +0100 (CET)

On Tue, 18 Feb 2003, Stephen Sprunk wrote:

In fact, a method to encrypt small parcels of data efficiently is
well-known for decades.  It is called "stream cypher" (surprise).
Besides LFSR-based and other stream cyphers, any block cypher
can be used in this mode. Its application to RTP is trivial and
straight-forward.  Just leave sequence number in clear text, so that
position in the stream is recoverable in case of packet loss.

Most stream modes are chained in some way to intentionally disrupt
decryption if part of the ciphertext is missing;

That would be CBC mode (where the output of one block becomes part of
the input for the next) and I don't think this effect is a feature. At
least, certainly not a desirable one because now we need a relatively
large initialization vector in each encrypted packet. (It would of
course be possible to negotiate some random data in advance from which
the IVs can be taken in a way that is linked to the counter so the IV
doesn't have to be included in the packet.)

A stream cipher generates a random-looking data stream against which the
payload is XORed. If you miss some payload you can still generate the
data stream for the missing part and start XORing again for the data you
have, as long as you exactly know how much is missing. This would be
trivial to implement in IPsec with a fixed packet length because the
anti-replay counter tells you the number of packets that were
transmitted in the clear.

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]